VID 16023
Severity 40
Port 21
Protocol TCP
Class FTP
Detailed Description:
The FTP server is vulnerable to a buffer overflow in the glob() function.
glob() implements filename pattern matching, following rules similar to those used by Unix shells. It is a pathname generator, which accepts an input pattern representing a set of filenames and returns a list of accessible pathnames matching that pattern. The input pattern is specified by using special metacharacters, taken from the following: *?[]{}~' . For example, a pattern of '/e*' would match all directories and files in the root of the file system that begin with the character 'e'.
The BSD ftp daemon and its derivatives (such as IRIX ftpd or the ftp daemon shipped with Kerberos 5) contain a number of buffer overflows that may allow malicious users to gain root access. By sending the FTP server a request containing a tilde (~) and other wildcard characters in the pathname string, a remote attacker can overflow a buffer and execute arbitrary code on the FTP server to gain root privileges.
In order to exploit this vulnerability, the attacker's FTP account must be able to create directories, or directories with sufficiently long names must already exist.
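
The precondition about long directory names follows from how glob() works: the length of each returned pathname is set by the names on disk, not by the length of the pattern received. The C sketch below is an added example, not code from any affected ftpd or vendor patch; it checks every expansion against the destination buffer before copying. The function names, buffer sizes and the /tmp scratch path are assumptions made for the illustration.

```c
#include <glob.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

/* Expand pattern with glob(3); copy the first match into out.
 * Returns the match count, -1 on no match or glob error, and -2 if any
 * match (plus its NUL) would not fit in outsz bytes. */
int expand_checked(const char *pattern, char *out, size_t outsz)
{
    glob_t g;
    int flags = 0;
#ifdef GLOB_TILDE   /* BSD/GNU extension: expand ~ and ~user */
    flags |= GLOB_TILDE;
#endif
    if (glob(pattern, flags, NULL, &g) != 0)
        return -1;
    int n = (int)g.gl_pathc;
    for (size_t i = 0; i < g.gl_pathc; i++)
        /* Expansion length is set by names on disk, not by the pattern. */
        if (strlen(g.gl_pathv[i]) >= outsz) { n = -2; break; }
    if (n > 0)
        memcpy(out, g.gl_pathv[0], strlen(g.gl_pathv[0]) + 1);
    globfree(&g);
    return n;
}

/* Constructed sample: directory dir holding one file with a len-char name. */
int make_sample(const char *dir, size_t len)
{
    char path[512];
    mkdir(dir, 0700);   /* may already exist; fopen reports real failures */
    size_t off = (size_t)snprintf(path, sizeof path, "%s/", dir);
    if (off + len >= sizeof path) return -1;
    memset(path + off, 'a', len);
    path[off + len] = '\0';
    FILE *f = fopen(path, "w");
    if (!f) return -1;
    fclose(f);
    return 0;
}

int main(void)
{
    char small[32], big[512];
    if (make_sample("/tmp/glob_bound_demo", 100) != 0) return 1;
    printf("32 bytes:  %d\n", expand_checked("/tmp/glob_bound_demo/a*", small, sizeof small));
    printf("512 bytes: %d\n", expand_checked("/tmp/glob_bound_demo/a*", big, sizeof big));
    return 0;
}
```

A seven-character pattern tail (`a*` under the scratch directory) expands to a 121-character pathname here, so the 32-byte destination is rejected with -2 instead of being overrun.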

References:
http://www.cert.org/advisories/CA-2001-07.html
http://www.iss.net/security_center/static/6332.php

Platforms Affected:
Caldera UnixWare 7
IRIX 6.5.x
MIT Kerberos 5: All Versions
NetBSD: All Versions
OpenBSD 2.8 or earlier
FreeBSD 4.2 or earlier CVE-2001-0247
HP-UX 11.00 CVE-2001-0248
Solaris 8 CVE-2001-0249
Recommendation:
For FreeBSD 4.2:
Upgrade to the latest version of FreeBSD (FreeBSD 4.2-STABLE, FreeBSD 5.0-CURRENT, or later), as listed in CERT Advisory CA-2001-07, http://www.cert.org/advisories/CA-2001-07.html

For Sun Solaris 8:
Apply the appropriate patch for your system, as listed in Sun Microsystems, Inc. Security Bulletin #00205, http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/205&type=0&nav=sec.sba

For Fujitsu UXP/V:
Apply the appropriate patch for your system, as listed in CERT Advisory CA-2001-07, http://www.cert.org/advisories/CA-2001-07.html

For NetBSD All versions:
Upgrade to the latest version of NetBSD (NetBSD-Current dated 4-03-2001 or later), as listed in NetBSD Security Advisory 2001-005, http://online.securityfocus.com/advisories/3207

For Caldera UnixWare 7:
Apply the appropriate patch for your system, as listed in Caldera International, Inc. Security Advisory CSSA-2001-SCO.27, ftp://stage.caldera.com/pub/security/unixware/CSSA-2001-SCO.27/CSSA-2001-SCO.27.txt

For other distributions:
Contact your vendor for upgrade or patch information.


Sites to refer:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0247
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0248
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0249

http://online.securityfocus.com/bid/2548
http://online.securityfocus.com/bid/2550
http://online.securityfocus.com/bid/2552
Related URL CVE-2001-0247,CVE-2001-0248,CVE-2001-0249 (CVE)